1. Field of the Invention
The present invention relates generally to assisting a software architect in the design of an architecture for a new application, product or service, and relates more particularly to ensuring that a new or proposed software application or software-based product or service for an organization complies with all legal and other externally-imposed requirements, as well as the organization's own policies and guidelines, and makes optimum use of the organization's accumulated institutional knowledge and experience.
2. Related Art
It is frequently necessary for an enterprise to create a new software application, either for purely internal use, or as part of a new product or service it wishes to offer to customers. Such an application might have to do with accounting, inventory control, or with storing and maintaining information about the enterprise's customers, or be a tool for use in performing analysis of some body of information, or an interactive website for use by customers. In many instances the new application will need to exchange information with existing programs that may be platformed on different operating systems. In addition, of course, the new application must meet the needs of its prospective users, whether they are customers, outside vendors, or the organization's own accounting personnel, financial analysts, marketing personnel, or others. In addition, there may often be external requirements besides customers' preferences that must be met, including in particular legal obligations such as providing adequate protection for sensitive, or merely private, customer information at the level mandated by applicable laws (which may involve meeting different requirements, imposed by the laws of several jurisdictions, in the case of an application that is intended to handle, e.g., information of customers residing in the United States, Canada and European Union member states).
In some cases, meeting all these disparate types of demands and constraints may be relatively simple, and particularly in a smaller organization, may be achievable simply by sufficient discussions and negotiations between the information technology (IT) department and others in the organization. In a large organization, however, such a project may be extremely complex, and a more organized, methodical approach may be required. This is both because the more complex the project, the more difficult it will be to ensure that all applicable requirements have been met, and because as the level of complexity increases, the time and cost of attaining that certainty can easily increase to the point that an otherwise reasonable project may become unfeasible.
Ordinarily, a great deal of the information necessary for ensuring that all applicable requirements are met is present within the organization itself, although in other cases, it may be necessary to obtain certain information from customers or vendors. Applicable legal requirements will be known to personnel in the legal department, and the accumulated experience of personnel in the IT department will be relevant to such matters as ensuring that an application can exchange information with existing ones, knowing what infrastructure is needed to maintain an application running reliably, and with a desired speed, and so forth. In addition, the organization likely has numerous policies that may affect what is acceptable or unacceptable in a proposed application, and this information also will be available within the organization. For a person or team tasked with creating the new application, however, gathering all relevant information from all these sources, and being certain that nothing relevant has been missed, is nearly certain to be a time-consuming and frustrating, although indispensable, part of the project.
In addition to the practical necessity of ensuring, at a feasible cost and in a reasonable time, that the new application will function as desired and will meet all specific government mandates, the onus has been mounting on companies to ensure good governance throughout their businesses. Today there is a growing focus on companies' internal oversight of their structures, operating practices and implementations, with a growing need for documented accountability and across-the-board compliance with preset, approved standards. (One need only consider the recent Sarbanes-Oxley legislation as evidence of this trend.) Consequently, it may not be enough for an organization actually to create a new application quickly and inexpensively while ensuring that it meets all applicable requirements; the organization also needs to be seen to be doing so by its shareholders and regulators.
There has been until now no systematic and automated means by which to verify and maintain a record of new project compliance with applicable laws, regulations, customer desires, vendor needs, and internal requirements absent labor-intensive manual review of each project.
Another problem that has existed is the adoption of inconsistent and non-standard infrastructure implementations, which are difficult and costly to build and support. The current problem in the industry from an infrastructure, architecture and development perspective is that those three areas are not connected in any meaningful way. This problem has existed for many years since organizations have been building complex computer architectures to solve business problems, and has only become more serious with the advent of distributed computing and the increase in the number of hardware and software components required to build an information system.
There exist a number of tools that may help a company to simplify the job of designing new software, or that otherwise help in streamlining a company's procedures, but none come close to solving the problem described above. For example, Microsoft® Corporation has a design tool that allows for the construction of systems. It provides a single view of a possible partial implementation. Microsoft's design tool is described at http://msdn.microsoft.com/msdnmag/issues/04/07/Whitehorse/. This design tool, Visual Studio® 2005, is a suite of graphical tools for use in implementing service-oriented architecture (“SOA”). With this design tool, architects are able to bind services to servers and later validate that any resulting design will in fact run successfully in a datacenter. Architects can likewise provide technical descriptions of, for instance, communication between different types of program that meets specific constraints, including user-defined constraints. However, despite allowing a user to specify constraints of these sorts that need to be met, this design tool does not enable an organization to present legal, policy, and other types of requirements as a single catalog to in-house architects and outside vendors alike, to assist in ensuring that new proposed applications conform to applicable requirements.
IBM® and many other vendors are building tools to design better architectures with their products to a new style called SOA (Service Oriented Architecture).
Centrata® has marketed a tool which, although not used in architecture design, helps a company provide new employees with all needed equipment, paperwork, and the like, automatically. A newly hired employee requires a new desk, office or cubicle, telephone, computer workstation, the ability to enter at least certain portions of the worksite, and the like. Instead of all of these supplies, keys and authorizations being provided through different departments of the company, the Centrata product itself notifies the relevant departments or personnel of the actions they respectively need to take to provide the new employee with all that is needed.
Nonetheless, there is still no systematic method for determining how closely an architect's proposed application conforms to applicable requirements as discussed above, nor is there a cost-effective way to ensure the adoption of consistent architecture solutions throughout an organization.
Given the foregoing, what is needed is a system, method and computer program product for conforming proposed solutions to a predefined set of standardized parameters. Specifically, there exists a need to automate architecture design to ensure use, where feasible, of one of a company's pre-approved architectures, and to ensure in any event the compliance of new applications and implementations with all applicable requirements, without the need for a manual review of every aspect of the proposal.